Hi,

What is the solution if I want all my laptop users, once they go home and connect to WiFi, to mandatorily direct traffic to my firewall, and we should monitor all websites that users access? Company policy should also apply. (Question posted on behalf of a CISO member.)


Replies

  • There can be two options to achieve the same:

    1. Use a hybrid proxy environment where users have agents installed on their laptops and the agent ensures that traffic is routed to the office proxy, available over the web, to do the required filtering as per the web filtering policies configured in the office environment.

    2. Use a cloud proxy, which will be uniform whether users are in the office or on a home LAN.

  • You may use a solution like this:
    1. End users should not have local administrator access
    2. Configure proxy server(s) in the end users' browsers
    3. Have an enterprise LDAP/AD policy to disable the facility to change the proxy server address in the browser by end users
    4. Provide roaming (laptop) users an SSL / client-based VPN
    5. Ensure you have a proxy server installed in or closer to the DMZ or perimeter to handle the redundant internet traffic
    6. Ensure that enterprise anti-virus and Windows update servers are seamlessly accessible over VPN

    This solution works just fine.
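
Steps 2 and 3 of the reply above, sketched as a proxy auto-config (PAC) file. This is an added example, not part of the original reply; the proxy, VPN gateway and internal zone names are hypothetical placeholders, and the file only enforces anything if the browser proxy setting is locked by policy as in step 3.

```javascript
// Hypothetical values, constructed for this example. Replace with your own.
var PROXY = "PROXY proxy.corp.example:8080"; // filtering proxy in or near the DMZ
var INTERNAL_SUFFIX = ".corp.example";       // internal zone reached over the VPN
var DIRECT_HOSTS = ["vpn-gw.example.net"];   // VPN gateway, needed before the tunnel is up

// ES3-style helper so the file also parses in older PAC engines.
function hasSuffix(host, suffix) {
  return host.length >= suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

// Entry point that browsers call for every request.
function FindProxyForURL(url, host) {
  // Normalise case and a trailing dot so "VPN-GW.example.net." still matches.
  host = host.toLowerCase().replace(/\.$/, "");

  if (host === "localhost" || host === "127.0.0.1") {
    return "DIRECT";
  }
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (host === DIRECT_HOSTS[i]) {
      return "DIRECT";
    }
  }
  // Internal services (anti-virus, update servers) go straight over the VPN.
  // The suffix starts with a dot, so "notcorp.example" does not match.
  if (hasSuffix(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Everything else goes to the proxy only. There is no "; DIRECT" fallback,
  // so browsing fails closed if the proxy cannot be reached.
  return PROXY;
}
```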
  • You can use Zscaler Internet Security, under which you will be redirected to your firewall, without which no one is able to access the internet, and they have to use VPN to use internet from your internet.

    Feel free to ask if any clarification needed.

  • There are multiple solutions available, as follows:

    1. If only browsing traffic, you can use the McAfee plugins in the browser and set the corporate policy as per your requirements.

    2. You can use Zscaler proxy solution, it will route all the traffic as per your requirements and can set customized policy.

    3. If you would like to route complete laptop traffic, you can use VPN solutions.

  • I think SDP (software-defined perimeter) is a good option to explore in this case.
  • Hi... if you have FortiGate, then EMS or endpoint management can ensure the laptop will carry the user traffic as per corporate policies. Secondly, you may use a cloud proxy like Zscaler.

  • The below reply is based on CISO Platform closed group discussion:

    (private CISO member): Use Wi-Fi group policy to divert traffic from VPN solution. Check Spiceworks.

  • The below reply is based on CISO Platform closed group discussion:

    (private CISO member): Use any cloud proxy solution that is compatible with your IT infra landscape.

    Cloud proxy will give you the same proxy provision that you have on LAN while you are mobile. For this to work effectively, please restrict the IPs to your official IP segments so all official laptops will be forced to connect via cloud proxy only when on WiFi.

  • The below reply is based on CISO Platform closed group discussion:

    (private CISO member): Use cloud-based proxy and web content filter solutions like Zscaler.

  • The below question is based on CISO Platform closed group discussion:

    (private CISO member):

    Is the Forcepoint DLP agent capable of doing offline web content filtering as well?
